Merge pull request #4 from QubesOS/master

Update from original

.travis.yml

@@ -2,8 +2,6 @@ sudo: required
 dist: trusty
 language: generic
 install: git clone https://github.com/QubesOS/qubes-builder ~/qubes-builder
-# debootstrap in trusty is old...
-before_script: sudo ln -s sid /usr/share/debootstrap/scripts/stretch
 script: ~/qubes-builder/scripts/travis-build
 env:
  - DIST_DOM0=fc23 USE_QUBES_REPO_VERSION=3.2 USE_QUBES_REPO_TESTING=1

appmenus-files/qubes-appmenu-select.desktop

@@ -7,4 +7,4 @@ Terminal=false
 Name=%VMNAME%: Add more shortcuts...
 GenericName=%VMNAME%: Add more shortcuts...
 StartupNotify=false
-Categories=System;
+Categories=System;X-Qubes-VM;

appmenus-files/qubes-dispvm-firefox.desktop

@@ -7,4 +7,4 @@ Terminal=false
 Name=DispVM: Firefox web browser
 GenericName=DispVM: Web browser
 StartupNotify=false
-Categories=Network;
+Categories=Network;X-Qubes-VM;

appmenus-files/qubes-dispvm-xterm.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Exec=sh -c 'echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red'
+Icon=dispvm-red
+Terminal=false
+Name=DispVM: xterm
+GenericName=DispVM: Terminal
+StartupNotify=false
+Categories=Network;X-Qubes-VM;

appmenus-files/qubes-start.desktop

@@ -7,4 +7,4 @@ Terminal=false
 Name=%VMNAME%: Start
 GenericName=%VMNAME%: Start
 StartupNotify=false
-Categories=System;
+Categories=System;X-Qubes-VM;

appmenus-scripts/qubes-core-appmenus.py

@@ -319,7 +319,7 @@ def QubesVm_label_setter(self, _):
 
     # Apparently desktop environments heavily caches the icons,
     # see #751 for details
-    if os.environ.get("DESKTOP_SESSION", "") == "kde-plasma":
+    if "plasma" in os.environ.get("DESKTOP_SESSION", ""):
         try:
             os.unlink(os.path.expandvars(
                 "$HOME/.kde/cache-$HOSTNAME/icon-cache.kcache"))
@@ -337,7 +337,7 @@ def QubesVm_label_setter(self, _):
                 dbus_interface="org.freedesktop.Notifications")
         except:
             pass
-    elif os.environ.get("DESKTOP_SESSION", "") == "xfce":
+    elif "xfce" in os.environ.get("DESKTOP_SESSION", ""):
         self.appmenus_remove()
         self.appmenus_create()
 

appmenus-scripts/qubes-receive-appmenus

@@ -213,6 +213,9 @@ def create_template(path, values):
         if key in values:
             desktop_entry += "{0}=%VMNAME%: {1}\n".format(key, values[key])
 
+    # force category X-Qubes-VM
+    values["Categories"] = values.get("Categories", "") + "X-Qubes-VM;"
+
     for key in ["Comment", "Categories"]:
         if key in values:
             desktop_entry += "{0}={1}\n".format(key, values[key])

doc/Makefile

@@ -21,7 +21,7 @@ install: manpages
 manpages: $(TOOLS_DOCS)
 	
 preview:	$(rst)
-	pandoc -s -f rst -t man $(rst) | groff -mandoc -Tlatin1 | less -R
+	$(PANDOC) $(rst) | groff -mandoc -Tlatin1 | less -R
 
 clean:
 	rm -f $(TOOLS_DOCS)

dom0-updates/qubes-dom0-update

@@ -22,13 +22,11 @@ if [ "$1" = "--help" ]; then
     exit
 fi
 
-# Prevent template upgrade - this would override user changes
-TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`"
 PKGS=
-YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS"
+YUM_OPTS=
 GUI=
 CHECK_ONLY=
-ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $*"
+ALL_OPTS="$*"
 YUM_ACTION=
 QVMRUN_OPTS=
 CLEAN=
@@ -63,6 +61,38 @@ while [ $# -gt 0 ]; do
     shift
 done
 
+# Prevent template upgrade - this would override user changes -
+# but do allow explicit template reinstalls
+if [ "$YUM_ACTION" == "reinstall" ] && [[ "$PKGS" == *"qubes-template-"* ]]; then
+    TEMPLATE_EXCLUDE_OPTS=""
+    echo "WARNING: Reinstalling a template will erase all files in template's /home and /rw !"
+
+    ONEPKG=`cut -f 1 -d ' ' <<<$PKGS`
+    if [[ "$ONEPKG" == "qubes-template-"* ]] && [[ "$ONEPKG" == "${PKGS#\ }" ]]; then # test "$PKGS" minus space
+    # Prepare to backup template root.img in case reinstall doesn't complete.
+        TEMPLATE=${ONEPKG#qubes-template-}
+        if qvm-shutdown --wait $TEMPLATE ; then
+            echo "Template VM halted"
+        fi
+        if ! TEMPLATE_NETVM=`qvm-prefs --force-root $TEMPLATE netvm` \
+        || ! BAK_TEMPLATE_ROOT=`qvm-prefs --force-root $TEMPLATE root_img` \
+        || ! BAK_TEMPLATE_PRIVATE=`qvm-prefs --force-root $TEMPLATE private_img` ; then
+            exit 1
+        fi
+        if [[ "$TEMPLATE_NETVM" == *"(default)" ]] ; then
+            TEMPLATE_NETVM="default"
+        fi
+    else
+        echo "ERROR: Specify only one package to reinstall template"
+        exit 1
+    fi
+
+else
+    TEMPLATE_EXCLUDE_OPTS="--exclude=`rpm -qa --qf '%{NAME},' qubes-template-\*`"
+fi
+YUM_OPTS="$TEMPLATE_EXCLUDE_OPTS $YUM_OPTS"
+ALL_OPTS="$TEMPLATE_EXCLUDE_OPTS $ALL_OPTS"
+
 ID=$(id -ur)
 if [ $ID != 0 -a -z "$GUI" -a -z "$CHECK_ONLY" ] ; then
     echo "This script should be run as root (when used in console mode), use sudo." >&2
@@ -135,7 +165,7 @@ qvm-run $QVMRUN_OPTS -a $UPDATEVM true || exit 1
 tar c /var/lib/rpm /etc/yum.repos.d /etc/yum.conf 2>/dev/null | \
    qvm-run -p "$UPDATEVM" 'LC_MESSAGES=C tar x -C /var/lib/qubes/dom0-updates 2>&1 | grep -v -E "s in the future"'
 
-qvm-run $QVMRUN_OPTS --pass-io $UPDATEVM "/usr/lib/qubes/qubes-download-dom0-updates.sh --doit --nogui $ALL_OPTS"
+qvm-run $QVMRUN_OPTS --pass-io $UPDATEVM "script --quiet --return --command '/usr/lib/qubes/qubes-download-dom0-updates.sh --doit --nogui $ALL_OPTS' /dev/null"
 RETCODE=$?
 if [ "$CHECK_ONLY" == "1" ]; then
     exit $RETCODE
@@ -157,14 +187,44 @@ if [ -z "$YUM_ACTION" ]; then
 fi
 
 if [ "x$PKGS" != "x" ]; then
-    yum $YUM_OPTS $YUM_ACTION $PKGS
+    if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
+    # Backup root.img and private.img just in case
+        echo "Creating img backup files"
+        mv "$BAK_TEMPLATE_ROOT" "$BAK_TEMPLATE_ROOT-bak"
+        mv "$BAK_TEMPLATE_PRIVATE" "$BAK_TEMPLATE_PRIVATE-bak"
+        TDIR=`qvm-prefs --force-root $TEMPLATE dir`
+        rm -f "$TDIR/volatile.img"
+        echo "--> Creating private.img..."
+        truncate -s 2G $BAK_TEMPLATE_PRIVATE
+        mkfs.ext4 -m 0 -q -F $BAK_TEMPLATE_PRIVATE
+        chown root:qubes $BAK_TEMPLATE_PRIVATE
+        chmod 0660 $BAK_TEMPLATE_PRIVATE
+    fi
+
+    yum $YUM_OPTS $YUM_ACTION $PKGS ; RETCODE=$?
+
+    if [[ -n "$BAK_TEMPLATE_ROOT" ]] ; then # Handle template details
+        if [ $RETCODE -eq 0 ] ; then
+        # Reinstall went OK, remove backup files.
+            rm -f "$BAK_TEMPLATE_ROOT-bak"
+            rm -f "$BAK_TEMPLATE_PRIVATE-bak"
+        else
+            echo "Yum exit: Restoring img files"
+            mv "$BAK_TEMPLATE_ROOT-bak" "$BAK_TEMPLATE_ROOT"
+            mv "$BAK_TEMPLATE_PRIVATE-bak" "$BAK_TEMPLATE_PRIVATE"
+        fi
+        if ! qvm-prefs --force-root -s $TEMPLATE netvm $TEMPLATE_NETVM ; then
+            echo "ERROR: NetVM setting could not be restored!"
+            exit 1
+        fi
+    fi
 elif [ -f /var/lib/qubes/updates/repodata/repomd.xml ]; then
     # Above file exists only when at least one package was downloaded
     if [ "$GUI" == "1" ]; then
         $guiapp
     else
         yum check-update
-        if [ $? -eq 100 ]; then
+        if [ $? -eq 100 ]; then # Run yum with options
             yum $YUM_OPTS $YUM_ACTION
         fi
     fi

file-copy-vm/qvm-copy-to-vm

@@ -37,3 +37,7 @@ mkfifo -- "$RESPONSE"
 # can't use $@ with --localcmd, and $* would fail on whitespace
 /usr/lib/qubes/qfile-dom0-agent "$@" <"$RESPONSE" |
 qvm-run --pass-io "$VM" "QUBESRPC qubes.Filecopy dom0" >"$RESPONSE"
+
+if [ "${0##*/}" = "qvm-move-to-vm" ]; then
+	rm -rf -- "$@"
+fi

file-copy-vm/qvm-move-to-vm

@@ -1,24 +0,0 @@
-#!/bin/bash
-#
-# The Qubes OS Project, http://www.qubes-os.org
-#
-# Copyright (C) 2015  Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#
-#
-
-. qvm-copy-to-vm "$@" &&
-rm -rf -- "$@"

qrexec/qrexec-client.c

@@ -34,9 +34,9 @@
 #include "qrexec.h"
 #include "libqrexec-utils.h"
 
-// whether qrexec-client should replace ESC with _ before printing the output
-int replace_esc_stdout = 0;
-int replace_esc_stderr = 0;
+// whether qrexec-client should replace problematic bytes with _ before printing the output
+int replace_chars_stdout = 0;
+int replace_chars_stderr = 0;
 
 #define VCHAN_BUFFER_SIZE 65536
 
@@ -332,12 +332,20 @@ static void handle_input(libvchan_t *vchan)
     }
 }
 
-void do_replace_esc(char *buf, int len) {
+void do_replace_chars(char *buf, int len) {
 	int i;
+	unsigned char c;
 
-	for (i = 0; i < len; i++)
-		if (buf[i] == '\033')
+	for (i = 0; i < len; i++) {
+		c = buf[i];
+		if ((c < '\040' || c > '\176') &&  /* not printable ASCII */
+		    (c != '\t') &&                 /* not tab */
+		    (c != '\n') &&                 /* not newline */
+		    (c != '\r') &&                 /* not return */
+		    (c != '\b') &&                 /* not backspace */
+		    (c != '\a'))                   /* not bell */
 			buf[i] = '_';
+	}
 }
 
 static int handle_vchan_data(libvchan_t *vchan, struct buffer *stdin_buf)
@@ -378,8 +386,8 @@ static int handle_vchan_data(libvchan_t *vchan, struct buffer *stdin_buf)
         case MSG_DATA_STDOUT:
             if (local_stdin_fd == -1)
                 break;
-            if (replace_esc_stdout)
-                do_replace_esc(buf, hdr.len);
+            if (replace_chars_stdout)
+                do_replace_chars(buf, hdr.len);
             if (hdr.len == 0) {
                 /* restore flags, as we may have not the only copy of this file descriptor
                 */
@@ -408,8 +416,8 @@ static int handle_vchan_data(libvchan_t *vchan, struct buffer *stdin_buf)
             }
             break;
         case MSG_DATA_STDERR:
-            if (replace_esc_stderr)
-                do_replace_esc(buf, hdr.len);
+            if (replace_chars_stderr)
+                do_replace_chars(buf, hdr.len);
             write_all(2, buf, hdr.len);
             break;
         case MSG_DATA_EXIT_CODE:
@@ -542,7 +550,7 @@ static void usage(char *name)
             "-c request_id,src_domain_name,src_domain_id|"
             "-e] remote_cmdline\n"
             "-e means exit after sending cmd,\n"
-            "-t enables replacing ESC character with '_' in command output, -T is the same for stderr\n"
+            "-t enables replacing problematic bytes with '_' in command output, -T is the same for stderr\n"
             "-c: connect to existing process (response to trigger service call)\n"
             "-w timeout: override default connection timeout of 5s (set 0 for no timeout)\n",
             name);
@@ -666,10 +674,10 @@ int main(int argc, char **argv)
                 is_service = 1;
                 break;
             case 't':
-                replace_esc_stdout = 1;
+                replace_chars_stdout = 1;
                 break;
             case 'T':
-                replace_esc_stderr = 1;
+                replace_chars_stderr = 1;
                 break;
             case 'w':
                 connection_timeout = atoi(optarg);

qrexec/qrexec-policy

@@ -70,7 +70,7 @@ def read_policy_file(service_name):
     return policy_list
 
 def is_match(item, config_term):
-    return (item is not "dom0" and config_term == "$anyvm") or item == config_term
+    return (item != "dom0" and config_term == "$anyvm") or item == config_term
 
 def get_default_policy():
     dict={}

rpm_spec/core-dom0-linux.spec

@@ -48,6 +48,7 @@ BuildRequires:  qubes-libvchan-devel
 Requires:	qubes-core-dom0
 Requires:	qubes-utils >= 3.1.3
 Requires:	%{name}-kernel-install
+Requires:	xdotool
 
 %define _builddir %(pwd)
 
@@ -159,11 +160,12 @@ install -m 644 -D system-config/75-qubes-dom0.preset \
     $RPM_BUILD_ROOT/usr/lib/systemd/system-preset/75-qubes-dom0.preset
 install -m 644 -D system-config/99-qubes-default-disable.preset \
     $RPM_BUILD_ROOT/usr/lib/systemd/system-preset/99-qubes-default-disable.preset
+install -m 755 tools/qvm-xkill $RPM_BUILD_ROOT/usr/bin/
 
 # file copy to VM
 install -m 755 file-copy-vm/qfile-dom0-agent $RPM_BUILD_ROOT/usr/lib/qubes/
 install -m 755 file-copy-vm/qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin/
-install -m 755 file-copy-vm/qvm-move-to-vm $RPM_BUILD_ROOT/usr/bin/
+ln -s qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin/qvm-move-to-vm
 
 ### Icons
 mkdir -p $RPM_BUILD_ROOT/usr/share/qubes/icons
@@ -186,7 +188,7 @@ for i in /usr/share/qubes/icons/*.png ; do
 done
 xdg-icon-resource forceupdate
 
-xdg-desktop-menu install /usr/share/qubes-appmenus/qubes-dispvm.directory /usr/share/qubes-appmenus/qubes-dispvm-firefox.desktop
+xdg-desktop-menu install /usr/share/qubes-appmenus/qubes-dispvm.directory /usr/share/qubes-appmenus/qubes-dispvm-*.desktop
 
 /usr/lib/qubes/patch-dnf-yum-config
 
@@ -200,7 +202,7 @@ if [ "$1" = 0 ] ; then
 		xdg-icon-resource uninstall --novendor --size 48 $i
 	done
 
-    xdg-desktop-menu uninstall /usr/share/qubes-appmenus/qubes-dispvm.directory /usr/share/qubes-appmenus/qubes-dispvm-firefox.desktop
+    xdg-desktop-menu uninstall /usr/share/qubes-appmenus/qubes-dispvm.directory /usr/share/qubes-appmenus/qubes-dispvm-*.desktop
 
     systemctl disable qubes-suspend.service > /dev/null 2>&1
 fi
@@ -231,6 +233,7 @@ chmod -x /etc/grub.d/10_linux
 /usr/libexec/qubes-appmenus/remove-appvm-appmenus.sh
 /usr/share/qubes-appmenus/qubes-appmenu-select.desktop
 /usr/share/qubes-appmenus/qubes-dispvm-firefox.desktop
+/usr/share/qubes-appmenus/qubes-dispvm-xterm.desktop
 /usr/share/qubes-appmenus/qubes-dispvm.directory
 /usr/share/qubes-appmenus/qubes-servicevm.directory.template
 /usr/share/qubes-appmenus/qubes-start.desktop
@@ -282,6 +285,7 @@ chmod -x /etc/grub.d/10_linux
 %config(noreplace) /etc/profile.d/zz-disable-lesspipe
 /usr/lib/systemd/system-preset/75-qubes-dom0.preset
 /usr/lib/systemd/system-preset/99-qubes-default-disable.preset
+/usr/bin/qvm-xkill
 # Man
 %{_mandir}/man1/qvm-*.1*
 %{_mandir}/man1/qubes-*.1*

system-config/60-persistent-storage.rules

@@ -1,20 +1,18 @@
+# Qubes: Prevent probing of domU controlled disk contents. Note that it would
+# nevertheless be insecure to attach block devices from domU to dom0 (xvd*) due
+# to automatic kernel partition table scanners -- which are disabled for loop*
+# devices created without LO_FLAGS_PARTSCAN.
+SUBSYSTEM=="block", KERNEL=="loop*|xvd*", GOTO="persistent_storage_end"
+
 # do not edit this file, it will be overwritten on update
 
 # persistent storage links: /dev/disk/{by-id,by-uuid,by-label,by-path}
 # scheme based on "Linux persistent device names", 2004, Hannes Reinecke <hare@suse.de>
 
-# forward scsi device event to corresponding block device
-ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block", ATTR{block/*/uevent}="change"
-
 ACTION=="remove", GOTO="persistent_storage_end"
 
-# enable in-kernel media-presence polling
-ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_poll_msecs}=="0", ATTR{parameters/events_dfl_poll_msecs}="2000"
-
 SUBSYSTEM!="block", GOTO="persistent_storage_end"
-
-# skip rules for inappropriate block devices
-KERNEL=="loop*|fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*|zram*", GOTO="persistent_storage_end"
+KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*", GOTO="persistent_storage_end"
 
 # ignore partitions that span the entire disk
 TEST=="whole_disk", GOTO="persistent_storage_end"
@@ -26,39 +24,43 @@ ENV{DEVTYPE}=="partition", IMPORT{parent}="ID_*"
 KERNEL=="vd*[!0-9]", ATTRS{serial}=="?*", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/virtio-$env{ID_SERIAL}"
 KERNEL=="vd*[0-9]", ATTRS{serial}=="?*", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/virtio-$env{ID_SERIAL}-part%n"
 
-# ATA devices using the "scsi" subsystem
+# ATA
 KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{vendor}=="ATA", IMPORT{program}="ata_id --export $devnode"
-# ATA/ATAPI devices (SPC-3 or later) using the "scsi" subsystem
+
+# ATAPI devices (SPC-3 or later)
 KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{type}=="5", ATTRS{scsi_level}=="[6-9]*", IMPORT{program}="ata_id --export $devnode"
 
 # Run ata_id on non-removable USB Mass Storage (SATA/PATA disks in enclosures)
 KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", ATTR{removable}=="0", SUBSYSTEMS=="usb", IMPORT{program}="ata_id --export $devnode"
-# Otherwise, fall back to using usb_id for USB devices
+
+# Fall back usb_id for USB devices
 KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id"
 
-# scsi devices
+# SCSI devices
 KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="scsi"
 KERNEL=="cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="cciss"
 KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
 KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n"
 
-# firewire
+# FireWire
 KERNEL=="sd*[!0-9]|sr*", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$attr{ieee1394_id}"
 KERNEL=="sd*[0-9]", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$attr{ieee1394_id}-part%n"
 
-KERNEL=="mmcblk[0-9]", SUBSYSTEMS=="mmc", ATTRS{name}=="?*", ATTRS{serial}=="?*", ENV{ID_NAME}="$attr{name}", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}"
+# MMC
+KERNEL=="mmcblk[0-9]", SUBSYSTEMS=="mmc", ATTRS{name}=="?*", ATTRS{serial}=="?*", \
+  ENV{ID_NAME}="$attr{name}", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}"
 KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part%n"
-KERNEL=="mspblk[0-9]", SUBSYSTEMS=="memstick", ATTRS{name}=="?*", ATTRS{serial}=="?*", ENV{ID_NAME}="$attr{name}", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/memstick-$env{ID_NAME}_$env{ID_SERIAL}"
-KERNEL=="mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/memstick-$env{ID_NAME}_$env{ID_SERIAL}-part%n"
 
-# by-path (parent device path)
+# Memstick
+KERNEL=="msblk[0-9]|mspblk[0-9]", SUBSYSTEMS=="memstick", ATTRS{name}=="?*", ATTRS{serial}=="?*", \
+  ENV{ID_NAME}="$attr{name}", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/memstick-$env{ID_NAME}_$env{ID_SERIAL}"
+KERNEL=="msblk[0-9]p[0-9]|mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/memstick-$env{ID_NAME}_$env{ID_SERIAL}-part%n"
+
+# by-path
 ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id"
 ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}"
 ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n"
 
-# skip unpartitioned removable media devices from drivers which do not send "change" events
-ENV{DEVTYPE}=="disk", KERNEL!="sd*|sr*", ATTR{removable}=="1", GOTO="persistent_storage_end"
-
 # probe filesystem metadata of optical drives which have a media inserted
 KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", ENV{ID_CDROM_MEDIA_TRACK_COUNT_DATA}=="?*", ENV{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}=="?*", \
   IMPORT{builtin}="blkid --offset=$env{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}"
@@ -69,9 +71,6 @@ KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", ENV{ID_CDROM_MEDIA_TRACK_COUNT_DAT
 # probe filesystem metadata of disks
 KERNEL!="sr*", IMPORT{builtin}="blkid"
 
-# watch metadata changes by tools closing the device after writing
-KERNEL!="sr*", OPTIONS+="watch"
-
 # by-label/by-uuid links (filesystem metadata)
 ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}"
 ENV{ID_FS_USAGE}=="filesystem|other", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}"
@@ -84,4 +83,7 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-i
 ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}"
 ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
 
+# add symlink to GPT root disk
+ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_GPT_AUTO_ROOT}=="1", SYMLINK+="gpt-auto-root"
+
 LABEL="persistent_storage_end"

system-config/75-qubes-dom0.preset

@@ -45,4 +45,6 @@ enable qubes-qmemman.service
 enable qubes-suspend.service
 enable qubes-setupdvm.service
 enable qubes-block-cleaner.service
-
+enable anti-evil-maid-unseal.service
+enable anti-evil-maid-check-mount-devs.service
+enable anti-evil-maid-seal.service

system-config/kernel-xen-efi.install

@@ -6,7 +6,23 @@ COMMAND="$1"
 KVER="$2"
 
 ESP_MOUNTPOINT=/boot/efi
-EFI_DIR="$ESP_MOUNTPOINT/EFI/qubes"
+
+EFI_DIR=$(efibootmgr -v 2>/dev/null | awk '
+        /^BootCurrent:/ { current=$2; }
+        /^Boot....\* / { 
+            if ("Boot" current "*" == $1) {
+                sub(".*File\\(", "");
+                sub("\\\\xen.efi\\).*", "");
+                gsub("\\\\", "/");
+                print;
+            }
+        }')
+
+if [ -z "$EFI_DIR" ]; then
+    EFI_DIR="$ESP_MOUNTPOINT/EFI/qubes"
+else
+    EFI_DIR="$ESP_MOUNTPOINT$EFI_DIR"
+fi
 
 if [ ! -d "$EFI_DIR" ]; then
     # non-EFI system

tools/qvm-xkill

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+ID=$(xdotool selectwindow)
+
+xprop -id "$ID" _QUBES_VMNAME | grep -q ' = ' \
+  || { echo "${0##*/}: Not killing dom0 window $ID" >&2; exit 1; }
+
+xdotool windowkill "$ID"

version

@@ -1 +1 @@
-3.2.3
+3.2.11